author | Gary Lockyer <gary@catalyst.net.nz> | 2017-05-23 13:03:03 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-05-25 02:25:13 +0200 |
commit | 468dc02e84fedbfae2b297f716cb60dec2981ed5 (patch) | |
tree | 7dee47c399df0f6bb510de336c5f522a26ffd926 /python | |
parent | 9444bbfe1829e25f772e05c1c3f3c5aa26a16105 (diff) | |
download | samba-468dc02e84fedbfae2b297f716cb60dec2981ed5.tar.gz |
tests net_join: use private secrets database.
Tests were leaving entries in the secrets database that caused
subsequent test cases to fail.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/provision/__init__.py | 5 | ||||
-rw-r--r-- | python/samba/tests/net_join.py | 65 | ||||
-rw-r--r-- | python/samba/tests/net_join_no_spnego.py | 41 |
3 files changed, 105 insertions, 6 deletions
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index d61f26e1345..e55d807d8a4 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -898,7 +898,10 @@ def secretsdb_self_join(secretsdb, domain, if len(res) == 1: msg["priorSecret"] = [res[0]["secret"][0]] - msg["priorWhenChanged"] = [res[0]["whenChanged"][0]] + try: + msg["priorWhenChanged"] = [res[0]["whenChanged"][0]] + except KeyError: + pass try: msg["privateKeytab"] = [res[0]["privateKeytab"][0]] diff --git a/python/samba/tests/net_join.py b/python/samba/tests/net_join.py new file mode 100644 index 00000000000..daba2d2e3bc --- /dev/null +++ b/python/samba/tests/net_join.py 
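Review bot: The added `except KeyError: pass` around `msg["priorWhenChanged"]` discards the timestamp silently, so a record can now be written with `priorSecret` but no `priorWhenChanged`, and nothing in the hunk says when `whenChanged` is expected to be missing. A comment above the `try` such as `# whenChanged may be absent on the existing record; keep the prior secret without a timestamp` would show the omission is deliberate. The commit message suggests the case comes from the tests' private secrets.ldb, but that is inferred rather than visible here. secretsdb_self_join starts and continues outside the hunk, so whether later readers of `priorWhenChanged` tolerate its absence cannot be checked from these lines.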
@@ -0,0 +1,65 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Catalyst.Net Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+Confirm that net.join_member works
+"""
+
+import samba.tests
+import os
+from samba.net import Net, LIBNET_JOIN_AUTOMATIC
+from samba.credentials import DONT_USE_KERBEROS
+from samba import NTSTATUSError, ntstatus
+import ctypes
+
+class NetJoinTests(samba.tests.TestCaseInTempDir):
+
+ def setUp(self):
+ super(NetJoinTests, self).setUp()
+ self.domain = os.environ["DOMAIN"]
+ self.server = os.environ["SERVER"]
+ self.lp = self.get_loadparm()
+ self.lp.set("private dir", self.tempdir)
+ self.lp.set("lock dir", self.tempdir)
+ self.lp.set("state directory", self.tempdir)
+
+ def tearDown(self):
+ super(NetJoinTests, self).tearDown()
+
+ def test_net_join(self):
+ netbios_name = "NetJoinTest"
+ machinepass = "abcdefghij"
+ creds = self.insta_creds(template=self.get_credentials(),
+ kerberos_state=DONT_USE_KERBEROS)
+
+ net = Net(creds, self.lp, server=self.server)
+
+ # NOTE WELL: We must not run more than one successful
+ # net.join_member per file (process), as the shared
+ # secrets.ldb handle will be kept between runs.
+ try: + (join_password, sid, domain_name) = net.join_member( + self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC, + machinepass=machinepass) + except NTSTATUSError as e: + code = ctypes.c_uint32(e[0]).value + if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED: + self.fail("Connection failure") + raise + os.unlink(os.path.join(self.tempdir, "secrets.ldb")) + pass diff --git a/python/samba/tests/net_join_no_spnego.py b/python/samba/tests/net_join_no_spnego.py index 4da9c2e3729..09a2856c9b5 100644 --- a/python/samba/tests/net_join_no_spnego.py +++ b/python/samba/tests/net_join_no_spnego.py @@ -27,26 +27,28 @@ from samba.credentials import DONT_USE_KERBEROS from samba import NTSTATUSError, ntstatus import ctypes -class NetJoinNoSpnegoTests(samba.tests.TestCase): +class NetJoinNoSpnegoTests(samba.tests.TestCaseInTempDir): def setUp(self): super(NetJoinNoSpnegoTests, self).setUp() - self.remoteAddress = "/root/ncalrpc_as_system" self.domain = os.environ["DOMAIN"] self.server = os.environ["SERVER"] + self.lp = self.get_loadparm() + self.lp.set("private dir", self.tempdir) + self.lp.set("lock dir", self.tempdir) + self.lp.set("state directory", self.tempdir) def tearDown(self): super(NetJoinNoSpnegoTests, self).tearDown() def test_net_join_no_spnego(self): - lp = self.get_loadparm() - lp.set("client use spnego", "no") + self.lp.set("client use spnego", "no") netbios_name = "NetJoinNoSpnego" machinepass = "abcdefghij" creds = self.insta_creds(template=self.get_credentials(), kerberos_state=DONT_USE_KERBEROS) - net = Net(creds, lp, server=self.server) + net = Net(creds, self.lp, server=self.server) try: (join_password, sid, domain_name) = net.join_member( 
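Review bot: In test_net_join the private `secrets.ldb` is removed only on the success path, by the `os.unlink(...)` after the `try`; any exception or `self.fail` skips it. The file, which holds the machine account secret, then stays in the temporary directory, and if the base class expects that directory to be empty at teardown the real failure is masked by a second one. Doing the removal in the currently empty `tearDown`, before the `super` call, covers both paths: `path = os.path.join(self.tempdir, "secrets.ldb")` followed by `if os.path.exists(path): os.unlink(path)`. The same applies to test_net_join_no_spnego_ntlmv1 in net_join_no_spnego.py. Separately, `ctypes.c_uint32(e[0]).value` indexes the exception object, which only works on Python 2; `e.args[0]` reads the same value on both major versions.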
@@ -56,4 +58,33 @@ class NetJoinNoSpnegoTests(samba.tests.TestCase):
 code = ctypes.c_uint32(e[0]).value
 if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
 self.fail("Connection failure")
+ elif code == ntstatus.NT_STATUS_ACCESS_DENIED:
+ return
+ else:
+ raise
+ self.fail("Shoud have rejected NTLMv2 without SPNEGO")
+
+ def test_net_join_no_spnego_ntlmv1(self):
+ self.lp.set("client use spnego", "no")
+ self.lp.set("client ntlmv2 auth", "no")
+ netbios_name = "NetJoinNoSpnego"
+ machinepass = "abcdefghij"
+ creds = self.insta_creds(template=self.get_credentials(),
+ kerberos_state=DONT_USE_KERBEROS)
+
+ net = Net(creds, self.lp, server=self.server)
+
+ # NOTE WELL: We must not run more than one successful
+ # net.join_member per file (process), as the shared
+ # secrets.ldb handle will be kept between runs.
+ try:
+ (join_password, sid, domain_name) = net.join_member(
+ self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
+ machinepass=machinepass)
+ except NTSTATUSError as e:
+ code = ctypes.c_uint32(e[0]).value
+ if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
+ self.fail("Connection failure")
+ raise
+ os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
 pass |
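Review bot: test_net_join_no_spnego_ntlmv1 treats a successful join with `client ntlmv2 auth` set to `no` and SPNEGO disabled as the passing outcome, but nothing explains why the server under test should accept NTLMv1 when the sibling test expects NTLMv2 without SPNEGO to be refused with NT_STATUS_ACCESS_DENIED. A docstring on the new test naming the server-side setting it relies on would keep the test from reading as an endorsement of NTLMv1, and would explain the failure if that setting is later tightened. The returned `(join_password, sid, domain_name)` is never checked, so one assertion such as `self.assertIsNotNone(sid)` would make the expected success explicit. The new failure message also has a typo and should read `self.fail("Should have rejected NTLMv2 without SPNEGO")`. test_net_join_no_spnego starts in the previous hunk.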